fingerprint-mcp 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (269) hide show
  1. package/LICENSE +663 -0
  2. package/README.ar.md +767 -0
  3. package/README.bn.md +767 -0
  4. package/README.bs.md +767 -0
  5. package/README.da.md +767 -0
  6. package/README.de.md +770 -0
  7. package/README.el.md +767 -0
  8. package/README.es.md +769 -0
  9. package/README.fr.md +769 -0
  10. package/README.hi.md +767 -0
  11. package/README.it.md +767 -0
  12. package/README.ja.md +767 -0
  13. package/README.ko.md +772 -0
  14. package/README.md +767 -0
  15. package/README.no.md +767 -0
  16. package/README.pl.md +767 -0
  17. package/README.pt-BR.md +767 -0
  18. package/README.ru.md +767 -0
  19. package/README.th.md +767 -0
  20. package/README.tr.md +767 -0
  21. package/README.uk.md +767 -0
  22. package/README.vi.md +767 -0
  23. package/README.zh-TW.md +768 -0
  24. package/README.zh.md +768 -0
  25. package/dist/app/index.d.ts +3 -0
  26. package/dist/app/index.d.ts.map +1 -0
  27. package/dist/app/index.js +614 -0
  28. package/dist/app/index.js.map +1 -0
  29. package/dist/composite/analyze.d.ts +3 -0
  30. package/dist/composite/analyze.d.ts.map +1 -0
  31. package/dist/composite/analyze.js +59 -0
  32. package/dist/composite/analyze.js.map +1 -0
  33. package/dist/composite/correlate.d.ts +3 -0
  34. package/dist/composite/correlate.d.ts.map +1 -0
  35. package/dist/composite/correlate.js +184 -0
  36. package/dist/composite/correlate.js.map +1 -0
  37. package/dist/composite/enumerate.d.ts +3 -0
  38. package/dist/composite/enumerate.d.ts.map +1 -0
  39. package/dist/composite/enumerate.js +94 -0
  40. package/dist/composite/enumerate.js.map +1 -0
  41. package/dist/composite/helpers.d.ts +22 -0
  42. package/dist/composite/helpers.d.ts.map +1 -0
  43. package/dist/composite/helpers.js +111 -0
  44. package/dist/composite/helpers.js.map +1 -0
  45. package/dist/composite/index.d.ts +3 -0
  46. package/dist/composite/index.d.ts.map +1 -0
  47. package/dist/composite/index.js +29 -0
  48. package/dist/composite/index.js.map +1 -0
  49. package/dist/composite/meta.d.ts +3 -0
  50. package/dist/composite/meta.d.ts.map +1 -0
  51. package/dist/composite/meta.js +23 -0
  52. package/dist/composite/meta.js.map +1 -0
  53. package/dist/composite/osint.d.ts +3 -0
  54. package/dist/composite/osint.d.ts.map +1 -0
  55. package/dist/composite/osint.js +40 -0
  56. package/dist/composite/osint.js.map +1 -0
  57. package/dist/composite/recon.d.ts +3 -0
  58. package/dist/composite/recon.d.ts.map +1 -0
  59. package/dist/composite/recon.js +131 -0
  60. package/dist/composite/recon.js.map +1 -0
  61. package/dist/composite/scan-dns.d.ts +3 -0
  62. package/dist/composite/scan-dns.d.ts.map +1 -0
  63. package/dist/composite/scan-dns.js +44 -0
  64. package/dist/composite/scan-dns.js.map +1 -0
  65. package/dist/composite/scan-http.d.ts +3 -0
  66. package/dist/composite/scan-http.d.ts.map +1 -0
  67. package/dist/composite/scan-http.js +68 -0
  68. package/dist/composite/scan-http.js.map +1 -0
  69. package/dist/composite/scan-paths.d.ts +3 -0
  70. package/dist/composite/scan-paths.d.ts.map +1 -0
  71. package/dist/composite/scan-paths.js +32 -0
  72. package/dist/composite/scan-paths.js.map +1 -0
  73. package/dist/composite/scan-ports.d.ts +3 -0
  74. package/dist/composite/scan-ports.d.ts.map +1 -0
  75. package/dist/composite/scan-ports.js +79 -0
  76. package/dist/composite/scan-ports.js.map +1 -0
  77. package/dist/composite/scan-services.d.ts +3 -0
  78. package/dist/composite/scan-services.d.ts.map +1 -0
  79. package/dist/composite/scan-services.js +111 -0
  80. package/dist/composite/scan-services.js.map +1 -0
  81. package/dist/composite/scan-tls.d.ts +3 -0
  82. package/dist/composite/scan-tls.d.ts.map +1 -0
  83. package/dist/composite/scan-tls.js +32 -0
  84. package/dist/composite/scan-tls.js.map +1 -0
  85. package/dist/composite/scan-waf.d.ts +3 -0
  86. package/dist/composite/scan-waf.d.ts.map +1 -0
  87. package/dist/composite/scan-waf.js +35 -0
  88. package/dist/composite/scan-waf.js.map +1 -0
  89. package/dist/correlation/index.d.ts +3 -0
  90. package/dist/correlation/index.d.ts.map +1 -0
  91. package/dist/correlation/index.js +1044 -0
  92. package/dist/correlation/index.js.map +1 -0
  93. package/dist/data/analytics-patterns.d.ts +21 -0
  94. package/dist/data/analytics-patterns.d.ts.map +1 -0
  95. package/dist/data/analytics-patterns.js +449 -0
  96. package/dist/data/analytics-patterns.js.map +1 -0
  97. package/dist/data/app-signatures.d.ts +52 -0
  98. package/dist/data/app-signatures.d.ts.map +1 -0
  99. package/dist/data/app-signatures.js +1143 -0
  100. package/dist/data/app-signatures.js.map +1 -0
  101. package/dist/data/c2-signatures.d.ts +54 -0
  102. package/dist/data/c2-signatures.d.ts.map +1 -0
  103. package/dist/data/c2-signatures.js +256 -0
  104. package/dist/data/c2-signatures.js.map +1 -0
  105. package/dist/data/cloud-ranges.d.ts +34 -0
  106. package/dist/data/cloud-ranges.d.ts.map +1 -0
  107. package/dist/data/cloud-ranges.js +628 -0
  108. package/dist/data/cloud-ranges.js.map +1 -0
  109. package/dist/data/cookie-patterns.d.ts +28 -0
  110. package/dist/data/cookie-patterns.d.ts.map +1 -0
  111. package/dist/data/cookie-patterns.js +225 -0
  112. package/dist/data/cookie-patterns.js.map +1 -0
  113. package/dist/data/error-signatures.d.ts +19 -0
  114. package/dist/data/error-signatures.d.ts.map +1 -0
  115. package/dist/data/error-signatures.js +321 -0
  116. package/dist/data/error-signatures.js.map +1 -0
  117. package/dist/data/favicon-hashes.d.ts +25 -0
  118. package/dist/data/favicon-hashes.d.ts.map +1 -0
  119. package/dist/data/favicon-hashes.js +249 -0
  120. package/dist/data/favicon-hashes.js.map +1 -0
  121. package/dist/data/h2-signatures.d.ts +50 -0
  122. package/dist/data/h2-signatures.d.ts.map +1 -0
  123. package/dist/data/h2-signatures.js +211 -0
  124. package/dist/data/h2-signatures.js.map +1 -0
  125. package/dist/data/header-order.d.ts +38 -0
  126. package/dist/data/header-order.d.ts.map +1 -0
  127. package/dist/data/header-order.js +185 -0
  128. package/dist/data/header-order.js.map +1 -0
  129. package/dist/data/jarm-signatures.d.ts +25 -0
  130. package/dist/data/jarm-signatures.d.ts.map +1 -0
  131. package/dist/data/jarm-signatures.js +213 -0
  132. package/dist/data/jarm-signatures.js.map +1 -0
  133. package/dist/data/saas-patterns.d.ts +23 -0
  134. package/dist/data/saas-patterns.d.ts.map +1 -0
  135. package/dist/data/saas-patterns.js +139 -0
  136. package/dist/data/saas-patterns.js.map +1 -0
  137. package/dist/data/sensitive-paths.d.ts +12 -0
  138. package/dist/data/sensitive-paths.d.ts.map +1 -0
  139. package/dist/data/sensitive-paths.js +1539 -0
  140. package/dist/data/sensitive-paths.js.map +1 -0
  141. package/dist/data/service-banners.d.ts +59 -0
  142. package/dist/data/service-banners.d.ts.map +1 -0
  143. package/dist/data/service-banners.js +323 -0
  144. package/dist/data/service-banners.js.map +1 -0
  145. package/dist/data/smtp-signatures.d.ts +12 -0
  146. package/dist/data/smtp-signatures.d.ts.map +1 -0
  147. package/dist/data/smtp-signatures.js +350 -0
  148. package/dist/data/smtp-signatures.js.map +1 -0
  149. package/dist/data/takeover-patterns.d.ts +37 -0
  150. package/dist/data/takeover-patterns.d.ts.map +1 -0
  151. package/dist/data/takeover-patterns.js +249 -0
  152. package/dist/data/takeover-patterns.js.map +1 -0
  153. package/dist/data/tech-patterns.d.ts +44 -0
  154. package/dist/data/tech-patterns.d.ts.map +1 -0
  155. package/dist/data/tech-patterns.js +690 -0
  156. package/dist/data/tech-patterns.js.map +1 -0
  157. package/dist/data/waf-signatures.d.ts +21 -0
  158. package/dist/data/waf-signatures.d.ts.map +1 -0
  159. package/dist/data/waf-signatures.js +318 -0
  160. package/dist/data/waf-signatures.js.map +1 -0
  161. package/dist/dns/index.d.ts +3 -0
  162. package/dist/dns/index.d.ts.map +1 -0
  163. package/dist/dns/index.js +1067 -0
  164. package/dist/dns/index.js.map +1 -0
  165. package/dist/enum/index.d.ts +3 -0
  166. package/dist/enum/index.d.ts.map +1 -0
  167. package/dist/enum/index.js +818 -0
  168. package/dist/enum/index.js.map +1 -0
  169. package/dist/h2/index.d.ts +3 -0
  170. package/dist/h2/index.d.ts.map +1 -0
  171. package/dist/h2/index.js +414 -0
  172. package/dist/h2/index.js.map +1 -0
  173. package/dist/http/index.d.ts +3 -0
  174. package/dist/http/index.d.ts.map +1 -0
  175. package/dist/http/index.js +2444 -0
  176. package/dist/http/index.js.map +1 -0
  177. package/dist/identify/index.d.ts +3 -0
  178. package/dist/identify/index.d.ts.map +1 -0
  179. package/dist/identify/index.js +447 -0
  180. package/dist/identify/index.js.map +1 -0
  181. package/dist/index.d.ts +3 -0
  182. package/dist/index.d.ts.map +1 -0
  183. package/dist/index.js +165 -0
  184. package/dist/index.js.map +1 -0
  185. package/dist/infra/index.d.ts +3 -0
  186. package/dist/infra/index.d.ts.map +1 -0
  187. package/dist/infra/index.js +989 -0
  188. package/dist/infra/index.js.map +1 -0
  189. package/dist/iot/index.d.ts +3 -0
  190. package/dist/iot/index.d.ts.map +1 -0
  191. package/dist/iot/index.js +610 -0
  192. package/dist/iot/index.js.map +1 -0
  193. package/dist/meta/index.d.ts +3 -0
  194. package/dist/meta/index.d.ts.map +1 -0
  195. package/dist/meta/index.js +442 -0
  196. package/dist/meta/index.js.map +1 -0
  197. package/dist/osint/index.d.ts +3 -0
  198. package/dist/osint/index.d.ts.map +1 -0
  199. package/dist/osint/index.js +687 -0
  200. package/dist/osint/index.js.map +1 -0
  201. package/dist/passive/index.d.ts +3 -0
  202. package/dist/passive/index.d.ts.map +1 -0
  203. package/dist/passive/index.js +944 -0
  204. package/dist/passive/index.js.map +1 -0
  205. package/dist/path/index.d.ts +3 -0
  206. package/dist/path/index.d.ts.map +1 -0
  207. package/dist/path/index.js +878 -0
  208. package/dist/path/index.js.map +1 -0
  209. package/dist/protocol/mcp-server.d.ts +4 -0
  210. package/dist/protocol/mcp-server.d.ts.map +1 -0
  211. package/dist/protocol/mcp-server.js +32 -0
  212. package/dist/protocol/mcp-server.js.map +1 -0
  213. package/dist/protocol/tools.d.ts +3 -0
  214. package/dist/protocol/tools.d.ts.map +1 -0
  215. package/dist/protocol/tools.js +5 -0
  216. package/dist/protocol/tools.js.map +1 -0
  217. package/dist/service/index.d.ts +3 -0
  218. package/dist/service/index.d.ts.map +1 -0
  219. package/dist/service/index.js +1053 -0
  220. package/dist/service/index.js.map +1 -0
  221. package/dist/smtp/index.d.ts +3 -0
  222. package/dist/smtp/index.d.ts.map +1 -0
  223. package/dist/smtp/index.js +437 -0
  224. package/dist/smtp/index.js.map +1 -0
  225. package/dist/ssh/index.d.ts +3 -0
  226. package/dist/ssh/index.d.ts.map +1 -0
  227. package/dist/ssh/index.js +676 -0
  228. package/dist/ssh/index.js.map +1 -0
  229. package/dist/tcp/index.d.ts +3 -0
  230. package/dist/tcp/index.d.ts.map +1 -0
  231. package/dist/tcp/index.js +369 -0
  232. package/dist/tcp/index.js.map +1 -0
  233. package/dist/timing/index.d.ts +3 -0
  234. package/dist/timing/index.d.ts.map +1 -0
  235. package/dist/timing/index.js +425 -0
  236. package/dist/timing/index.js.map +1 -0
  237. package/dist/tls/index.d.ts +3 -0
  238. package/dist/tls/index.d.ts.map +1 -0
  239. package/dist/tls/index.js +1332 -0
  240. package/dist/tls/index.js.map +1 -0
  241. package/dist/types/index.d.ts +26 -0
  242. package/dist/types/index.d.ts.map +1 -0
  243. package/dist/types/index.js +8 -0
  244. package/dist/types/index.js.map +1 -0
  245. package/dist/utils/cache.d.ts +11 -0
  246. package/dist/utils/cache.d.ts.map +1 -0
  247. package/dist/utils/cache.js +35 -0
  248. package/dist/utils/cache.js.map +1 -0
  249. package/dist/utils/murmurhash3.d.ts +3 -0
  250. package/dist/utils/murmurhash3.d.ts.map +1 -0
  251. package/dist/utils/murmurhash3.js +57 -0
  252. package/dist/utils/murmurhash3.js.map +1 -0
  253. package/dist/utils/rate-limiter.d.ts +10 -0
  254. package/dist/utils/rate-limiter.d.ts.map +1 -0
  255. package/dist/utils/rate-limiter.js +35 -0
  256. package/dist/utils/rate-limiter.js.map +1 -0
  257. package/dist/utils/require-key.d.ts +2 -0
  258. package/dist/utils/require-key.d.ts.map +1 -0
  259. package/dist/utils/require-key.js +8 -0
  260. package/dist/utils/require-key.js.map +1 -0
  261. package/dist/waf/index.d.ts +3 -0
  262. package/dist/waf/index.d.ts.map +1 -0
  263. package/dist/waf/index.js +767 -0
  264. package/dist/waf/index.js.map +1 -0
  265. package/dist/web/index.d.ts +3 -0
  266. package/dist/web/index.d.ts.map +1 -0
  267. package/dist/web/index.js +1366 -0
  268. package/dist/web/index.js.map +1 -0
  269. package/package.json +66 -0
package/README.da.md ADDED
@@ -0,0 +1,767 @@
1
+ <p align="center">
2
+ <a href="README.md">English</a> |
3
+ <a href="README.zh.md">简体中文</a> |
4
+ <a href="README.zh-TW.md">繁體中文</a> |
5
+ <a href="README.ko.md">한국어</a> |
6
+ <a href="README.de.md">Deutsch</a> |
7
+ <a href="README.es.md">Español</a> |
8
+ <a href="README.fr.md">Français</a> |
9
+ <a href="README.it.md">Italiano</a> |
10
+ <strong>Dansk</strong> |
11
+ <a href="README.ja.md">日本語</a> |
12
+ <a href="README.pl.md">Polski</a> |
13
+ <a href="README.ru.md">Русский</a> |
14
+ <a href="README.bs.md">Bosanski</a> |
15
+ <a href="README.ar.md">العربية</a> |
16
+ <a href="README.no.md">Norsk</a> |
17
+ <a href="README.pt-BR.md">Português (Brasil)</a> |
18
+ <a href="README.th.md">ไทย</a> |
19
+ <a href="README.tr.md">Türkçe</a> |
20
+ <a href="README.uk.md">Українська</a> |
21
+ <a href="README.bn.md">বাংলা</a> |
22
+ <a href="README.el.md">Ελληνικά</a> |
23
+ <a href="README.vi.md">Tiếng Việt</a> |
24
+ <a href="README.hi.md">हिन्दी</a>
25
+ </p>
26
+
27
+ <p align="center">
28
+ <br>
29
+ <picture>
30
+ <source media="(prefers-color-scheme: dark)" srcset="https://raw.githubusercontent.com/badchars/fingerprint-mcp/main/.github/banner-dark.svg">
31
+ <source media="(prefers-color-scheme: light)" srcset="https://raw.githubusercontent.com/badchars/fingerprint-mcp/main/.github/banner-light.svg">
32
+ <img alt="fingerprint-mcp" src="https://raw.githubusercontent.com/badchars/fingerprint-mcp/main/.github/banner-dark.svg" width="700">
33
+ </picture>
34
+ </p>
35
+
36
+ <h3 align="center">Universel digital fingerprinting til AI-agenter.</h3>
37
+
38
+ <p align="center">
39
+ TCP, TLS/SSL, SSH, HTTP, DNS, WAF/CDN, IoT, SMTP, servicesondering, JARM, JA4X, favicon-hashing, infrastrukturtopologi, C2-detektion, OSINT-berigelse &mdash; samlet i en enkelt MCP-server.<br>
40
+ Din AI-agent far <b>fingerprinting i fuldt spektrum pa forlangende</b>, ikke 11 adskilte CLI-vaerktoejer og manuel korrelation.
41
+ </p>
42
+
43
+ <br>
44
+
45
+ <p align="center">
46
+ <a href="#problemet">Problemet</a> &bull;
47
+ <a href="#hvordan-det-er-anderledes">Hvordan Det Er Anderledes</a> &bull;
48
+ <a href="#hurtig-start">Hurtig Start</a> &bull;
49
+ <a href="#hvad-aien-kan-goere">Hvad AI'en Kan Gore</a> &bull;
50
+ <a href="#vaerktoejsreference-13-vaerktojer-103-teknikker">Vaerktojer (13)</a> &bull;
51
+ <a href="#datakilder-21">Datakilder</a> &bull;
52
+ <a href="#arkitektur">Arkitektur</a> &bull;
53
+ <a href="CHANGELOG.md">Changelog</a> &bull;
54
+ <a href="CONTRIBUTING.md">Bidrag</a>
55
+ </p>
56
+
57
+ <p align="center">
58
+ <a href="https://www.npmjs.com/package/fingerprint-mcp"><img src="https://img.shields.io/npm/v/fingerprint-mcp.svg" alt="npm"></a>
59
+ <a href="LICENSE"><img src="https://img.shields.io/badge/license-AGPL--3.0-blue.svg" alt="Licens"></a>
60
+ <img src="https://img.shields.io/badge/runtime-Bun-f472b6" alt="Bun">
61
+ <img src="https://img.shields.io/badge/protocol-MCP-8b5cf6" alt="MCP">
62
+ <img src="https://img.shields.io/badge/tools-13-ef4444" alt="13 Vaerktojer">
63
+ <img src="https://img.shields.io/badge/techniques-103-f97316" alt="103 Teknikker">
64
+ </p>
65
+
66
+ <p align="center">
67
+ <img src="https://raw.githubusercontent.com/badchars/fingerprint-mcp/main/.github/demo.gif" alt="fingerprint-mcp demo" width="800">
68
+ </p>
69
+
70
+ ---
71
+
72
+ ## Problemet
73
+
74
+ At fingerprinte en server i dag betyder at jonglere med et dusin adskilte vaerktojer. Du koerer `nmap` til portscanning, `testssl.sh` til certifikatanalyse, `curl -I` til HTTP-headere, `dig` til DNS, `wafw00f` til WAF-detektion, `ssh-audit` til SSH, et separat JARM-vaerktoj, Wappalyzer til teknologidetektion &mdash; og sa bruger du 30 minutter pa manuelt at krydsreferere alt i et regneark for at finde ud af, hvad der rent faktisk koerer.
75
+
76
+ ```
77
+ Traditionel fingerprinting-arbejdsgang:
78
+ analyser TLS-certifikater -> testssl.sh / openssl s_client
79
+ hent HTTP-headere -> curl -I
80
+ detekter webteknologier -> wappalyzer CLI
81
+ DNS-rekognoscering -> dig / nslookup / dnsenum
82
+ portscanning -> nmap -sV
83
+ WAF-detektion -> wafw00f
84
+ SSH-audit -> ssh-audit
85
+ servicefingerprinting -> nmap scripts
86
+ JARM-fingerprint -> jarm (separat vaerktoj)
87
+ tjek OSINT-databaser -> shodan CLI, censys CLI
88
+ korreler alt -> manuelt i et regneark
89
+ ──────────────────────────────
90
+ Total: 11 vaerktojer, 30+ minutter, manuel korrelation
91
+ ```
92
+
93
+ **fingerprint-mcp** giver din AI-agent 13 sammensatte vaerktojer, der omslutter 103 fingerprinting-teknikker pa tvaers af 21 udbydere via [Model Context Protocol](https://modelcontextprotocol.io). Agenten koerer multi-lag fingerprinting parallelt, korrelerer signaler pa tvaers af TCP/TLS/HTTP/DNS/SSH-lag, detekterer honeypots og C2-infrastruktur og praesenterer et samlet efterretningsbillede &mdash; i en enkelt samtale.
94
+
95
+ ```
96
+ Med fingerprint-mcp:
97
+ Du: "Lav en dyb rekognoscering pa target.com"
98
+
99
+ Agent: -> recon {url: "https://target.com", depth: "deep"}
100
+
101
+ -> TLS: nginx/1.24.0 via JARM (3fd21b20d00000...),
102
+ Let's Encrypt-certifikat, 2 SAN'er, TLS 1.2+1.3
103
+ -> HTTP: Express.js bag Cloudflare WAF,
104
+ React SPA, Google Analytics, 14 sikkerhedsheadere analyseret
105
+ -> DNS: A/AAAA/MX/TXT-poster, SPF/DKIM/DMARC konfigureret,
106
+ Slack + Google Workspace detekteret via CNAME/MX
107
+ -> Porte: 80, 443, 22 (OpenSSH 9.6), 8080 (udviklingsserver)
108
+ -> WAF: Cloudflare detekteret, oprindelse-IP opdaget via direkte forbindelse
109
+ -> Optaelling: 12 underdomaener via CT-logfiler, wildcard-DNS detekteret
110
+ -> "target.com koerer nginx/1.24.0 med Express.js bag
111
+ Cloudflare WAF. Oprindelse-IP 203.0.113.42 eksponeret pa port 8080.
112
+ TLS er korrekt konfigureret (A+ aequivalent), men udviklingsserveren
113
+ pa 8080 har ingen WAF-beskyttelse. 3 underdomaener peger pa
114
+ nedlagt infrastruktur — potentiel overtagelsesrisiko."
115
+ ```
116
+
117
+ ---
118
+
119
+ ## Hvordan Det Er Anderledes
120
+
121
+ Eksisterende vaerktojer giver dig ra data et lag ad gangen. fingerprint-mcp giver din AI-agent evnen til at **raesonnere pa tvaers af alle fingerprinting-lag samtidigt**.
122
+
123
+ <table>
124
+ <thead>
125
+ <tr>
126
+ <th></th>
127
+ <th>Traditionel Tilgang</th>
128
+ <th>fingerprint-mcp</th>
129
+ </tr>
130
+ </thead>
131
+ <tbody>
132
+ <tr>
133
+ <td><b>Graenseflade</b></td>
134
+ <td>11 forskellige CLI-vaerktojer med forskellige outputformater</td>
135
+ <td>MCP &mdash; AI-agenten kalder vaerktojer konversationelt</td>
136
+ </tr>
137
+ <tr>
138
+ <td><b>Teknikker</b></td>
139
+ <td>Et vaerktoj, et lag ad gangen</td>
140
+ <td>103 teknikker pa tvaers af 21 udbydere, koert parallelt</td>
141
+ </tr>
142
+ <tr>
143
+ <td><b>TLS-analyse</b></td>
144
+ <td>testssl.sh-output, manuel JARM-parsing separat</td>
145
+ <td>Agenten kombinerer certifikat + JARM + JA4X + cipher suites + SNI + CT-logfiler i et kald</td>
146
+ </tr>
147
+ <tr>
148
+ <td><b>Korrelation</b></td>
149
+ <td>Kopier-indsaet resultater i et regneark</td>
150
+ <td>Agenten krydskorrelerer: "JARM matcher kendt C2-framework, HTTP-timing bekraefter honeypot"</td>
151
+ </tr>
152
+ <tr>
153
+ <td><b>WAF-bypass</b></td>
154
+ <td>wafw00f detekterer WAF, du leder manuelt efter oprindelse</td>
155
+ <td>Agenten detekterer WAF, opdager oprindelse-IP og verificerer, at den serverer det samme indhold</td>
156
+ </tr>
157
+ <tr>
158
+ <td><b>API-noegler</b></td>
159
+ <td>Kraevet til Shodan, Censys osv.</td>
160
+ <td>80+ aktive teknikker virker uden nogen API-noegler; noegler laaser OSINT-berigelse op</td>
161
+ </tr>
162
+ <tr>
163
+ <td><b>Opsaetning</b></td>
164
+ <td>Installer nmap, testssl, wafw00f, ssh-audit, jarm, wappalyzer...</td>
165
+ <td><code>npx fingerprint-mcp</code> &mdash; en kommando, nul konfiguration</td>
166
+ </tr>
167
+ </tbody>
168
+ </table>
169
+
170
+ ---
171
+
172
+ ## Hurtig Start
173
+
174
+ ### Mulighed 1: npx (ingen installation)
175
+
176
+ ```bash
177
+ npx fingerprint-mcp
178
+ ```
179
+
180
+ Alle 80+ aktive fingerprinting-teknikker virker med det samme. Ingen API-noegler kraevet til TCP, TLS, SSH, HTTP, DNS, WAF, sti-, service-, timing-, IoT-, SMTP- og applikationsfingerprinting.
181
+
182
+ ### Mulighed 2: Klon
183
+
184
+ ```bash
185
+ git clone https://github.com/badchars/fingerprint-mcp.git
186
+ cd fingerprint-mcp
187
+ bun install
188
+ ```
189
+
190
+ ### Miljovariabler (valgfrie)
191
+
192
+ ```bash
193
+ # OSINT-berigelse (alle valgfrie — aktiv fingerprinting virker uden nogen noegler)
194
+ export SHODAN_API_KEY=your-key # Aktiverer osint_shodan, ssh_hostkey_lookup
195
+ export CENSYS_API_ID=your-id # Aktiverer osint_censys (gratis: 250 forepoergsler/maned)
196
+ export CENSYS_API_SECRET=your-secret # Censys API-hemmelighed
197
+ export SECURITYTRAILS_API_KEY=your-key # Aktiverer waf_origin, enum_passive_dns
198
+ export VIRUSTOTAL_API_KEY=your-key # Aktiverer osint_virustotal (gratis: 500 forepoergsler/dag)
199
+ ```
200
+
201
+ Alle API-noegler er valgfrie. Uden dem far du stadig fuld TCP/TLS/SSH/HTTP/DNS/WAF/sti/service/timing/IoT/SMTP/infrastruktur/applikations-fingerprinting, korrelation, passiv analyse, optaelling og metavaerktojer &mdash; 80+ teknikker der virker ved direkte at sondere malet.
202
+
203
+ ### Forbind til din AI-agent
204
+
205
+ <details open>
206
+ <summary><b>Claude Code</b></summary>
207
+
208
+ ```bash
209
+ # Med npx
210
+ claude mcp add fingerprint-mcp -- npx fingerprint-mcp
211
+
212
+ # Med lokal klon
213
+ claude mcp add fingerprint-mcp -- bun run /path/to/fingerprint-mcp/src/index.ts
214
+ ```
215
+
216
+ </details>
217
+
218
+ <details>
219
+ <summary><b>Claude Desktop</b></summary>
220
+
221
+ Tilfoej til `~/Library/Application Support/Claude/claude_desktop_config.json`:
222
+
223
+ ```json
224
+ {
225
+ "mcpServers": {
226
+ "fingerprint": {
227
+ "command": "npx",
228
+ "args": ["-y", "fingerprint-mcp"],
229
+ "env": {
230
+ "SHODAN_API_KEY": "optional",
231
+ "CENSYS_API_ID": "optional",
232
+ "CENSYS_API_SECRET": "optional",
233
+ "SECURITYTRAILS_API_KEY": "optional",
234
+ "VIRUSTOTAL_API_KEY": "optional"
235
+ }
236
+ }
237
+ }
238
+ }
239
+ ```
240
+
241
+ </details>
242
+
243
+ <details>
244
+ <summary><b>Cursor / Windsurf / andre MCP-klienter</b></summary>
245
+
246
+ Samme JSON-konfigurationsformat. Peg kommandoen til `npx fingerprint-mcp` eller din lokale installationssti.
247
+
248
+ </details>
249
+
250
+ ### Begynd at forepoerge
251
+
252
+ ```
253
+ Du: "Fingerprint alt om target.com — TLS, HTTP-stak, WAF, DNS, abne porte"
254
+ ```
255
+
256
+ Det er det. Agenten handterer multi-lag fingerprinting, signalkorrelation og infrastrukturanalyse automatisk.
257
+
258
+ ---
259
+
260
+ ## Hvad AI'en Kan Gore
261
+
262
+ ### Hurtig Rekognoscering
263
+
264
+ ```
265
+ Du: "Hurtig rekognoscering pa target.com"
266
+
267
+ Agent: -> recon {url: "https://target.com", depth: "quick"}
268
+
269
+ -> TCP: porte 80, 443, 22 abne
270
+ -> TLS: Let's Encrypt RSA-certifikat, TLS 1.2+1.3, nginx JARM-signatur
271
+ -> HTTP: nginx/1.24.0, Express.js, React, Cloudflare CDN
272
+ -> DNS: A 203.0.113.42, MX Google Workspace, SPF/DKIM konfigureret
273
+ -> WAF: Cloudflare detekteret (cf-ray header)
274
+ -> "target.com er en React SPA pa Express.js bag nginx/1.24.0,
275
+ serveret gennem Cloudflare CDN. TLS korrekt konfigureret med
276
+ Let's Encrypt. SSH pa port 22 koerer OpenSSH 9.6. E-mail
277
+ handteret af Google Workspace med fuld SPF/DKIM/DMARC."
278
+ ```
279
+
280
+ ### Dybdegaende TLS-Undersogelse
281
+
282
+ ```
283
+ Du: "Analyser TLS-konfigurationen af suspicious-server.com i detaljer"
284
+
285
+ Agent: -> scan_tls {host: "suspicious-server.com"}
286
+
287
+ -> Certifikat: selvsigneret, CN=localhost, udlobet for 47 dage siden
288
+ -> JARM: 2ad2ad0002ad2ad00042d42d00000069d641f34fe76acdc05c40262f8815e5
289
+ (matcher Cobalt Strike standardprofil)
290
+ -> JA4X: fingerprint matcher kendt C2-framework-monster
291
+ -> Cipher suites: accepterer svage ciphers (RC4, 3DES)
292
+ -> SNI: svarer identisk pa enhver SNI-vaerdi
293
+ -> CT-logfiler: certifikat ikke logget (ikke offentligt betroet)
294
+ -> "HOJ RISIKO: TLS-konfiguration indikerer staerkt C2-infrastruktur.
295
+ Selvsigneret udlobet certifikat, JARM-fingerprint matcher Cobalt Strike,
296
+ accepterer svage ciphers og svarer pa vilkarlige SNI-vaerdier.
297
+ Anbefaler ojebliklig undersogelse og blokering."
298
+ ```
299
+
300
+ ### WAF-Bypass og Oprindelsesopdagelse
301
+
302
+ ```
303
+ Du: "target.com er bag en WAF. Kan du finde oprindelsesserveren?"
304
+
305
+ Agent: -> scan_waf {url: "https://target.com"}
306
+ -> scan_dns {domain: "target.com"}
307
+ -> enumerate {domain: "target.com"}
308
+
309
+ -> WAF: Cloudflare (AS13335), udfordringsside pa mistanksomme anmodninger
310
+ -> DNS: A-post peger pa Cloudflare IP 104.21.x.x
311
+ -> Underdomaener: dev.target.com resolver til 203.0.113.42 (ikke-Cloudflare)
312
+ -> Direkte forbindelse til 203.0.113.42:443 returnerer samme TLS-certifikat
313
+ -> SecurityTrails historik: oprindelse var 203.0.113.42 for Cloudflare
314
+ -> "Oprindelse-IP fundet: 203.0.113.42. Opdaget via dev.target.com
315
+ underdomaene som omgar Cloudflare. Oprindelsen serverer det samme
316
+ TLS-certifikat og svarer pa target.com Host-headeren.
317
+ Oprindelsen har ingen WAF-beskyttelse — direkte adgang mulig."
318
+ ```
319
+
320
+ ### Serviceopdagelse pa en Vaert
321
+
322
+ ```
323
+ Du: "Hvilke services koerer pa 10.0.1.50?"
324
+
325
+ Agent: -> scan_ports {host: "10.0.1.50"}
326
+ -> scan_services {host: "10.0.1.50", ports: [22, 80, 3306, 5432, 6379, 8080]}
327
+
328
+ -> Port 22: OpenSSH 8.9p1 Ubuntu, ED25519 vaertsnogle
329
+ -> Port 80: Apache/2.4.57, PHP/8.2, WordPress 6.4
330
+ -> Port 3306: MySQL 8.0.36, godkendelse kraevet
331
+ -> Port 5432: PostgreSQL 16.1, SSL kraevet
332
+ -> Port 6379: Redis 7.2.4, INGEN godkendelse (aben)
333
+ -> Port 8080: Node.js Express udviklingsserver, CORS: *
334
+ -> "KRITISK: Redis pa port 6379 har ingen godkendelse — enhver pa
335
+ netvaerket kan laese/skrive data. Express udviklingsserveren pa 8080
336
+ har wildcard CORS. MySQL og PostgreSQL kraever korrekt godkendelse.
337
+ WordPress er 2 mindre versioner bagud. Ojebliklig handling nodvendig
338
+ pa Redis og udviklingsservereksponering."
339
+ ```
340
+
341
+ ---
342
+
343
+ ## Vaerktoejsreference (13 vaerktojer, 103 teknikker)
344
+
345
+ <details open>
346
+ <summary><b>recon &mdash; Fuld rekognoscering med dybdebaseret teknikvalg</b></summary>
347
+
348
+ | Parameter | Type | Beskrivelse |
349
+ |-----------|------|-------------|
350
+ | `url` | string | Mal-URL til fingerprinting |
351
+ | `depth` | `quick` \| `standard` \| `deep` | Scanningsdybde: quick=5 teknikker, standard=20, deep=50+ |
352
+
353
+ Orkestrerer teknikker fra alle udbydere baseret pa dybdeniveau. Hurtig tilstand giver et hurtigt overblik; dyb tilstand koerer udtommende fingerprinting inklusive optaelling, OSINT og korrelation.
354
+
355
+ </details>
356
+
357
+ <details>
358
+ <summary><b>scan_ports &mdash; TCP-portscanning med servicedetektion (3 teknikker)</b></summary>
359
+
360
+ | Parameter | Type | Beskrivelse |
361
+ |-----------|------|-------------|
362
+ | `host` | string | Malvaert (IP eller domaene) |
363
+ | `ports` | number[] | Valgfri &mdash; specifikke porte at scanne (standard: almindelige porte) |
364
+
365
+ | Teknik | Beskrivelse |
366
+ |--------|-------------|
367
+ | `tcp_probe` | TCP connect-scanning til at detektere abne porte |
368
+ | `tcp_banner` | Banner-opsamling pa abne porte til serviceidentifikation |
369
+ | `tcp_analysis` | Portkombinationsanalyse og serviceinferens |
370
+
371
+ </details>
372
+
373
+ <details>
374
+ <summary><b>scan_tls &mdash; Komplet TLS/SSL-analyse (8 teknikker)</b></summary>
375
+
376
+ | Parameter | Type | Beskrivelse |
377
+ |-----------|------|-------------|
378
+ | `host` | string | Malvaert (IP eller domaene) |
379
+ | `port` | number | Valgfri &mdash; TLS-port (standard: 443) |
380
+
381
+ | Teknik | Beskrivelse |
382
+ |--------|-------------|
383
+ | `tls_certificate` | X.509-certifikatparsing &mdash; emne, udsteder, SAN'er, gyldighed, kaede |
384
+ | `tls_jarm` | JARM aktiv fingerprinting &mdash; 10 TLS Client Hello-sonder, 62-tegns hash |
385
+ | `tls_ja4x` | JA4X passiv TLS-fingerprinting fra certifikategenskaber |
386
+ | `tls_ciphers` | Cipher suite-optaelling og styrkeanalyse |
387
+ | `tls_protocols` | Understottet TLS-protokolversionsdetektion (SSLv3 til TLS 1.3) |
388
+ | `tls_sni` | SNI-adfaerdstest &mdash; standardcertifikat vs. anmodet vaertsnavn |
389
+ | `tls_ct_logs` | Certificate Transparency-logopslag via crt.sh |
390
+ | `tls_ocsp` | OCSP-stapling og tilbagekaldelsesstatustjek |
391
+
392
+ </details>
393
+
394
+ <details>
395
+ <summary><b>scan_dns &mdash; DNS-efterretning (7 teknikker)</b></summary>
396
+
397
+ | Parameter | Type | Beskrivelse |
398
+ |-----------|------|-------------|
399
+ | `domain` | string | Maldomaene |
400
+
401
+ | Teknik | Beskrivelse |
402
+ |--------|-------------|
403
+ | `dns_records` | Fuld postoptaelling &mdash; A, AAAA, MX, NS, TXT, CNAME, SOA |
404
+ | `dns_email_auth` | SPF-, DKIM- og DMARC-postanalyse |
405
+ | `dns_saas` | SaaS/servicedetektion via CNAME- og MX-monstre (Slack, Zendesk osv.) |
406
+ | `dns_server` | DNS-serverfingerprinting (BIND, PowerDNS, Cloudflare osv.) |
407
+ | `dns_takeover` | Underdomaene-overtagelsesdetektion via dinglende CNAME-analyse |
408
+ | `dns_zone` | Zoneoverforselsforsoeg (AXFR) |
409
+ | `dns_caa` | CAA-postanalyse for certifikatmyndighedsrestriktioner |
410
+
411
+ </details>
412
+
413
+ <details>
414
+ <summary><b>scan_http &mdash; HTTP/web-fingerprinting (29 teknikker)</b></summary>
415
+
416
+ | Parameter | Type | Beskrivelse |
417
+ |-----------|------|-------------|
418
+ | `url` | string | Mal-URL |
419
+
420
+ | Teknik | Udbyder | Beskrivelse |
421
+ |--------|---------|-------------|
422
+ | `http_headers` | HTTP | Svarheaderanalyse og serveridentifikation |
423
+ | `http_header_order` | HTTP | Header-rae kkefoelge-fingerprint (serversoftwaresignatur) |
424
+ | `http_security_headers` | HTTP | Sikkerhedsheaderaudit (CSP, HSTS, X-Frame-Options osv.) |
425
+ | `http_cookies` | HTTP | Cookieanalyse &mdash; flag, praefikser, frameworkdetektion |
426
+ | `http_methods` | HTTP | Tilladte HTTP-metodeoptaelling (OPTIONS) |
427
+ | `http_cors` | HTTP | CORS-politikanalyse og fejlkonfigurationsdetektion |
428
+ | `http_compression` | HTTP | Understoettede komprimeringsalgoritmer (gzip, br, zstd) |
429
+ | `http_caching` | HTTP | Cache-headeranalyse (CDN, reverse proxy-detektion) |
430
+ | `http_etag` | HTTP | ETag-formatanalyse til backendidentifikation |
431
+ | `http_error` | HTTP | Fejlsidefingerprinting (brugerdefinerede vs. standardfejlsider) |
432
+ | `http_redirect` | HTTP | Omdirigeringskaedeanalyse |
433
+ | `http_timing` | HTTP | Svartimingbaseline til serverydelsesprofilering |
434
+ | `http_favicon` | HTTP | Favicon-hash (MurmurHash3) til teknologiidentifikation |
435
+ | `http_robots` | HTTP | robots.txt-parsing og ekstraktion af forbudte stier |
436
+ | `http_sitemap` | HTTP | Sitemap-opdagelse og URL-ekstraktion |
437
+ | `http_wellknown` | HTTP | .well-known-endpunktsopdagelse (security.txt, openid osv.) |
438
+ | `web_tech` | Web | Teknologidetektion via HTML/JS/CSS-monstre |
439
+ | `web_analytics` | Web | Analyse- og sporingsservicedetektion |
440
+ | `web_sourcemaps` | Web | Source map-filopdagelse |
441
+ | `web_websocket` | Web | WebSocket-endpunktsdetektion |
442
+ | `web_graphql` | Web | GraphQL-endpunktsdetektion og introspektion |
443
+ | `web_spa` | Web | Single-page applikations-frameworkdetektion |
444
+ | `web_cdn` | Web | CDN-detektion via svarheadere og DNS |
445
+ | `web_meta` | Web | HTML-metatagsanalyse (generator, framework-hints) |
446
+ | `web_feed` | Web | RSS/Atom-feedopdagelse |
447
+ | `h2_detect` | HTTP/2 | HTTP/2-protokolunderstoettelsesdetektion |
448
+ | `h2_fingerprint` | HTTP/2 | HTTP/2-serverfingerprinting (SETTINGS, WINDOW_UPDATE) |
449
+ | `h2_h3` | HTTP/2 | HTTP/3 (QUIC)-understottelsesdetektion via Alt-Svc-header |
450
+ | `app_cms` | Application | CMS-detektion (WordPress, Drupal, Joomla osv.) |
451
+
452
+ </details>
453
+
454
+ <details>
455
+ <summary><b>scan_paths &mdash; Stiefterretning (5 teknikker)</b></summary>
456
+
457
+ | Parameter | Type | Beskrivelse |
458
+ |-----------|------|-------------|
459
+ | `url` | string | Mal-URL |
460
+ | `categories` | string[] | Valgfri &mdash; kategorier at tjekke (sensitive, git, debug, api, config) |
461
+
462
+ | Teknik | Beskrivelse |
463
+ |--------|-------------|
464
+ | `path_sensitive` | Opdagelse af folsomme filer (backupfiler, konfigurationsfiler, databasedumps) |
465
+ | `path_robots` | robots.txt- og sitemap.xml-analyse for skjulte stier |
466
+ | `path_git` | Git-repositorylaekdetektion (.git/HEAD, .git/config) |
467
+ | `path_debug` | Debugendpunktsopdagelse (phpinfo, server-status, debugkonsoller) |
468
+ | `path_api` | API-version og dokumentationsendpunktsopdagelse |
469
+
470
+ </details>
471
+
472
+ <details>
473
+ <summary><b>scan_waf &mdash; WAF/CDN-detektion og fingerprinting (4 teknikker)</b></summary>
474
+
475
+ | Parameter | Type | Beskrivelse |
476
+ |-----------|------|-------------|
477
+ | `url` | string | Mal-URL |
478
+
479
+ | Teknik | Beskrivelse |
480
+ |--------|-------------|
481
+ | `waf_detect` | WAF-tilstedevaerelsedetektionen via svarheader- og adfaerdsanalyse |
482
+ | `waf_cdn` | CDN-udbyderidentifikation (Cloudflare, Akamai, Fastly osv.) |
483
+ | `waf_fingerprint` | WAF-produktidentifikation og versionsdetektion |
484
+ | `waf_origin` | Oprindelse-IP-opdagelse bag WAF/CDN (kraever `SECURITYTRAILS_API_KEY`) |
485
+
486
+ </details>
487
+
488
+ <details>
489
+ <summary><b>scan_services &mdash; Serviceniveausondering (12 teknikker)</b></summary>
490
+
491
+ | Parameter | Type | Beskrivelse |
492
+ |-----------|------|-------------|
493
+ | `host` | string | Malvaert (IP eller domaene) |
494
+ | `ports` | number[] | Valgfri &mdash; specifikke porte at sondere |
495
+ | `service` | string | Valgfri &mdash; specifik service at sondere (mysql, postgres, redis, ftp, ssh, smtp, vnc, iot) |
496
+
497
+ | Teknik | Udbyder | Beskrivelse |
498
+ |--------|---------|-------------|
499
+ | `ssh_probe` | SSH | SSH-protokolversion og softwaaredetektion |
500
+ | `ssh_algorithms` | SSH | SSH-algoritmeaudit (KEX, ciphers, MAC'er, vaertsnogletyper) |
501
+ | `ssh_hostkey_lookup` | SSH | SSH-vaertsnogleopslag via Shodan (kraever `SHODAN_API_KEY`) |
502
+ | `svc_mysql` | Service | MySQL-versionsdetektion og kapabilitetsfingerprinting |
503
+ | `svc_postgres` | Service | PostgreSQL-versionsdetektion og SSL-understo ttelsetjek |
504
+ | `svc_redis` | Service | Redis-versionsdetektion og godkendelsesstatus |
505
+ | `svc_ftp` | Service | FTP-banneranalyse og anonymt logintjek |
506
+ | `svc_vnc_rdp` | Service | VNC/RDP-servicedetektion og sikkerhedsvurdering |
507
+ | `smtp_banner` | SMTP | SMTP-banneranalyse og MTA-identifikation |
508
+ | `smtp_starttls` | SMTP | SMTP STARTTLS-understoettelse og certifikatinspektion |
509
+ | `iot_detect` | IoT | IoT-enhedsdetektion via bannermonstre og standardsider |
510
+ | `iot_upnp` | IoT | UPnP/SSDP-enhedsopdagelse pa lokalt netvaerk |
511
+
512
+ </details>
513
+
514
+ <details>
515
+ <summary><b>enumerate &mdash; Omfangsudvidelse (8 teknikker)</b></summary>
516
+
517
+ | Parameter | Type | Beskrivelse |
518
+ |-----------|------|-------------|
519
+ | `domain` | string | Maldomaene |
520
+
521
+ | Teknik | Beskrivelse |
522
+ |--------|-------------|
523
+ | `enum_subdomains` | Underdomaeneoptaelling via flere metoder |
524
+ | `enum_wildcard` | Wildcard-DNS-detektion |
525
+ | `enum_tld` | TLD-udvidelse (target.com -> target.net, target.org osv.) |
526
+ | `enum_related` | Relateret domaeneopdagelse via delt infrastruktur |
527
+ | `enum_asn` | ASN-naboopdagelse &mdash; andre domaener pa samme netvaerk |
528
+ | `enum_ct` | Certificate Transparency-logunderdomaeneedstraktion |
529
+ | `enum_passive_dns` | Passiv DNS-historik (kraever `SECURITYTRAILS_API_KEY`) |
530
+ | `enum_scope` | Omfangsresume og angrebsoverfladeoverblik |
531
+
532
+ </details>
533
+
534
+ <details>
535
+ <summary><b>osint &mdash; OSINT-berigelse (6 teknikker)</b></summary>
536
+
537
+ | Parameter | Type | Beskrivelse |
538
+ |-----------|------|-------------|
539
+ | `target` | string | IP-adresse eller domaene at berige |
540
+ | `type` | `ip` \| `domain` | Valgfri &mdash; maltype (automatisk detekteret hvis udeladt) |
541
+
542
+ | Teknik | Auth | Beskrivelse |
543
+ |--------|------|-------------|
544
+ | `osint_shodan` | `SHODAN_API_KEY` | Shodan-vaertopslag &mdash; abne porte, bannere, sarbarheder, OS |
545
+ | `osint_censys` | `CENSYS_API_ID` + `CENSYS_API_SECRET` | Censys-vaertdata &mdash; services, TLS, autonomt system |
546
+ | `osint_reverse_ip` | Ingen | Omvendt IP-opslag &mdash; andre domaener pa samme IP |
547
+ | `osint_whois` | Ingen | WHOIS-registreringsdata &mdash; registrar, datoer, navneservere |
548
+ | `osint_webarchive` | Ingen | Web Archive-historik &mdash; forste/sidste snapshot, aendringsfrekvens |
549
+ | `osint_virustotal` | `VIRUSTOTAL_API_KEY` | VirusTotal domaene/IP-rapport &mdash; detektioner, kategorier, DNS |
550
+
551
+ </details>
552
+
553
+ <details>
554
+ <summary><b>analyze &mdash; Passiv fingerprintanalyse (3 tilstande)</b></summary>
555
+
556
+ | Parameter | Type | Beskrivelse |
557
+ |-----------|------|-------------|
558
+ | `type` | `headers` \| `html` \| `banner` | Type data at analysere |
559
+ | `data` | string | Ra data at analysere (indsaet headere, HTML eller banneroutput) |
560
+
561
+ | Tilstand | Beskrivelse |
562
+ |----------|-------------|
563
+ | `fp_analyze_headers` | Passiv HTTP-headeranalyse &mdash; server-, framework-, proxydetektion uden at sende trafik |
564
+ | `fp_analyze_html` | Passiv HTML-analyse &mdash; teknologidetektion, frameworkidentifikation fra kilde |
565
+ | `fp_analyze_banner` | Passiv banneranalyse &mdash; serviceidentifikation fra ra bannertekst |
566
+
567
+ </details>
568
+
569
+ <details>
570
+ <summary><b>correlate &mdash; Multi-signal korrelationsmotor (7 tilstande)</b></summary>
571
+
572
+ | Parameter | Type | Beskrivelse |
573
+ |-----------|------|-------------|
574
+ | `type` | `consistency` \| `honeypot` \| `spoofing` \| `compare` \| `topology` \| `c2` \| `identify` | Korrelationstilstand |
575
+ | `signals` | object | Fingerprintsignaler at korrelere (varierer efter tilstand) |
576
+
577
+ | Tilstand | Beskrivelse |
578
+ |----------|-------------|
579
+ | `fp_consistency` | Kryds-lag signalkonsistenstjek &mdash; stemmer TCP-, TLS-, HTTP- og DNS-fingerprints overens? |
580
+ | `fp_honeypot` | Honeypotdetektion &mdash; tjekker for umulige servicekombinationer og adfaerdsanomalier |
581
+ | `fp_spoofing` | Spoofingdetektion &mdash; identificerer uoverensstemmende serverheadere vs. faktisk adfaerd |
582
+ | `fp_compare` | Side-om-side sammenligning af to vaerters fingerprintprofiler |
583
+ | `fp_topology` | Infrastrukturtopologikortlaegning &mdash; CDN, load balancer, reverse proxy-kaede |
584
+ | `fp_c2` | C2-frameworkdetektion via JARM, TLS, HTTP og timingkorrelation |
585
+ | `fp_identify` | Hash-baseret identifikation mod kendt signaturdatabase |
586
+
587
+ </details>
588
+
589
+ <details>
590
+ <summary><b>meta &mdash; Serverkonfiguration og data (3 tilstande)</b></summary>
591
+
592
+ | Parameter | Type | Beskrivelse |
593
+ |-----------|------|-------------|
594
+ | `category` | string | Valgfri &mdash; filtrer efter kategori |
595
+
596
+ | Tilstand | Beskrivelse |
597
+ |----------|-------------|
598
+ | `fp_sources` | Liste over alle tilgaengelige datakilder med konfiguration og API-noglestatus |
599
+ | `fp_config` | Serverkonfiguration &mdash; version, indlaeste udbydere, teknikantal |
600
+ | `fp_signatures` | Signaturdatabaseliste &mdash; JARM-, banner-, WAF-, applikationssignaturer |
601
+
602
+ </details>
603
+
604
+ ---
605
+
606
+ ### CLI-brug
607
+
608
+ ```bash
609
+ # List alle tilgaengelige vaerktojer og teknikker
610
+ npx fingerprint-mcp --list
611
+
612
+ # Koer et vilkarligt vaerktoj direkte
613
+ npx fingerprint-mcp --tool recon '{"url":"https://example.com","depth":"quick"}'
614
+ npx fingerprint-mcp --tool scan_tls '{"host":"example.com"}'
615
+ npx fingerprint-mcp --tool scan_ports '{"host":"10.0.1.50","ports":[22,80,443,3306,8080]}'
616
+ npx fingerprint-mcp --tool scan_dns '{"domain":"example.com"}'
617
+ npx fingerprint-mcp --tool scan_http '{"url":"https://example.com"}'
618
+ npx fingerprint-mcp --tool scan_waf '{"url":"https://example.com"}'
619
+ npx fingerprint-mcp --tool scan_services '{"host":"10.0.1.50","service":"redis"}'
620
+ npx fingerprint-mcp --tool enumerate '{"domain":"example.com"}'
621
+ npx fingerprint-mcp --tool analyze '{"type":"headers","data":"Server: nginx/1.24.0\nX-Powered-By: Express"}'
622
+ npx fingerprint-mcp --tool correlate '{"type":"honeypot","signals":{"jarm":"...","banner":"..."}}'
623
+ npx fingerprint-mcp --tool meta '{}'
624
+
625
+ # OSINT-vaerktojer (kraever API-noegler)
626
+ SHODAN_API_KEY=your-key npx fingerprint-mcp --tool osint '{"target":"203.0.113.42","type":"ip"}'
627
+ ```
628
+
629
+ ---
630
+
631
+ ## Datakilder (21)
632
+
633
+ | Kilde | Auth | Hvad den giver |
634
+ |-------|------|----------------|
635
+ | TCP-sondering | Ingen | Portscanning, banneropsamling, servicedetektion |
636
+ | TLS/SSL-analyse | Ingen | Certifikatparsing, JARM-fingerprinting, JA4X, cipheroptaelling, SNI-test |
637
+ | SSH-sondering | Ingen | Protokolversion, algoritmeaudit, softwaredetektion |
638
+ | HTTP-analyse | Ingen | Headerfingerprinting, favicon-hashing, cookieanalyse, metodeoptaelling, CORS |
639
+ | Webdetektion | Ingen | Teknologidetektion, analytics, source maps, WebSocket, GraphQL, SPA-frameworks |
640
+ | Stiopdagelse | Ingen | Folsomme filer, git-laek, debugendpunkter, API-versioner, robots.txt |
641
+ | DNS-oplosning | Ingen | Postoptaelling, e-mail-auth-analyse, SaaS-detektion, serverfingerprinting |
642
+ | WAF/CDN-detektion | Ingen | WAF-identifikation, CDN-detektion, WAF-fingerprinting |
643
+ | Timinganalyse | Ingen | Svartimingbaseline, urafvigelsesdetektion |
644
+ | HTTP/2 og HTTP/3 | Ingen | HTTP/2-detektion og fingerprinting, HTTP/3 Alt-Svc-opdagelse |
645
+ | SMTP-sondering | Ingen | SMTP-banneranalyse, STARTTLS-inspektion |
646
+ | IoT/Embedded | Ingen | IoT-enhedsdetektion, UPnP/SSDP-opdagelse |
647
+ | Applikationsdetektion | Ingen | CMS-, framework- og e-handelsplatformidentifikation |
648
+ | Servicesondering | Ingen | MySQL, PostgreSQL, Redis, FTP, VNC/RDP-fingerprinting |
649
+ | Infrastrukturdetektion | Ingen | Cloudprovider-, hostingprovider-, CDN-identifikation |
650
+ | Korrelationsmotor | Ingen | Signalkonsistens, honeypotdetektion, spoofingdetektion, topologikortlaegning |
651
+ | Identifikationsmotor | Ingen | Hash-baseret identifikation, C2-detektion, signaturmatchning |
652
+ | [Shodan](https://www.shodan.io) | `SHODAN_API_KEY` | Vaertefterretning &mdash; abne porte, bannere, sarbarheder, OS-detektion |
653
+ | [Censys](https://censys.io) | `CENSYS_API_ID` | Vaertdata &mdash; services, TLS-certifikater, autonomt systeminfo |
654
+ | [SecurityTrails](https://securitytrails.com) | `SECURITYTRAILS_API_KEY` | WAF-oprindelsesopdagelse, passiv DNS-historik, historiske poster |
655
+ | [VirusTotal](https://www.virustotal.com) | `VIRUSTOTAL_API_KEY` | Domaene/IP-omdoemme, detektionsresultater, DNS-historik, kategorier |
656
+
657
+ ---
658
+
659
+ ## Arkitektur
660
+
661
+ ```
662
+ src/
663
+ index.ts # CLI-indgangspunkt (--help, --list, --tool, stdio-server)
664
+ protocol/
665
+ mcp-server.ts # MCP-serveropsaetning (stdio-transport)
666
+ tools.ts # Vaerktoejsregister — alle 13 sammensatte vaerktojer registreret her
667
+ types/
668
+ index.ts # Delte typer (ToolDef, ToolContext, ToolResult)
669
+ utils/
670
+ rate-limiter.ts # Rate limiter per udbyder
671
+ cache.ts # TTL-cache til API-svar
672
+ require-key.ts # API-noglevalideringshelper
673
+ murmurhash3.ts # MurmurHash3 til favicon-hashing
674
+ composite/ # 13 sammensatte vaerktoejsorkestrorer
675
+ recon.ts # Fuld rekognosceringsorkestrorer (quick/standard/deep)
676
+ scan-ports.ts # Portscanning sammensat
677
+ scan-tls.ts # TLS-analyse sammensat
678
+ scan-dns.ts # DNS-efterretning sammensat
679
+ scan-http.ts # HTTP-fingerprinting sammensat
680
+ scan-paths.ts # Stiopdagelse sammensat
681
+ scan-waf.ts # WAF/CDN-detektion sammensat
682
+ scan-services.ts # Servicesondering sammensat
683
+ analyze.ts # Passiv analyse sammensat
684
+ correlate.ts # Korrelationsmotor sammensat
685
+ enumerate.ts # Omfangsudvidelse sammensat
686
+ osint.ts # OSINT-berigelse sammensat
687
+ meta.ts # Server-meta sammensat
688
+ helpers.ts # Delte sammensatte hjelpere
689
+ tcp/ # TCP-sonderingsteknikker (3)
690
+ tls/ # TLS/SSL-analyseteknikker (8)
691
+ ssh/ # SSH-sonderingsteknikker (3)
692
+ http/ # HTTP-fingerprintingteknikker (16)
693
+ web/ # Webteknologidetektionsteknikker (9)
694
+ path/ # Stiopdagelsesteknikker (5)
695
+ dns/ # DNS-efterretningsteknikker (7)
696
+ waf/ # WAF/CDN-detektionsteknikker (4)
697
+ timing/ # Timinganalyseteknikker (2)
698
+ h2/ # HTTP/2 og HTTP/3-teknikker (3)
699
+ smtp/ # SMTP-sonderingsteknikker (2)
700
+ iot/ # IoT/embedded-detektionsteknikker (2)
701
+ app/ # Applikationsdetektionsteknikker (3)
702
+ service/ # Servicesonderingsteknikker (5)
703
+ infra/ # Infrastrukturdetektionsteknikker (3)
704
+ correlation/ # Korrelationsmotor (5)
705
+ identify/ # Identifikationsmotor (3)
706
+ passive/ # Passiv analyse (3)
707
+ osint/ # OSINT-berigelsesteknikker (6)
708
+ enum/ # Optaellingsteknikker (8)
709
+ meta/ # Metavaerktojer (3)
710
+ data/ # Signaturdatabaser og monsterbiblioteker
711
+ jarm-signatures.ts # Kendte JARM-fingerprints (C2, servere, CDN'er)
712
+ waf-signatures.ts # WAF-detektionssignaturer
713
+ service-banners.ts # Servicebannermonstre
714
+ tech-patterns.ts # Teknologidetektionsmonstre
715
+ favicon-hashes.ts # Kendte favicon MurmurHash3-vaerdier
716
+ c2-signatures.ts # C2-frameworksignaturer
717
+ ... # 15+ signatur-/monsterdatabaser
718
+ ```
719
+
720
+ **Designbeslutninger:**
721
+
722
+ - **13 sammensatte vaerktojer, 103 teknikker** &mdash; Agenten kalder hoejniveauvaerktojer (`recon`, `scan_tls`, `scan_http`). Hvert sammensat vaerktoj orkestrerer flere lavniveauteknikker og returnerer korrelerede resultater. Dette reducerer overhead for vaerktoejskald, mens granulariteten bevares.
723
+ - **21 udbydere, 1 server** &mdash; Hvert fingerprinting-lag er et uafhaengigt modul. Den sammensatte orkestrator vaelger teknikker baseret pa kontekst og dybde.
724
+ - **Aktiv forst, OSINT valgfri** &mdash; 80+ teknikker virker ved direkte at sondere malet uden nogen API-noegler. OSINT-udbydere (Shodan, Censys, VirusTotal, SecurityTrails) tilfojer berigelse, men er aldrig paakraevet.
725
+ - **Rate limiters per udbyder** &mdash; Hver udbyder har sin egen `RateLimiter`-instans. Aktiv sondering er hastighedsbegraenset for at undga detektion; OSINT API'er er kalibreret til deres kvoter.
726
+ - **TTL-caching** &mdash; DNS-poster (10min), OSINT-resultater (15min), CT-logfiler (30min) caches for at undga overflodige opslag under multi-vaerktoejs arbejdsgange.
727
+ - **Graceful degradation** &mdash; Manglende API-noegler crasher ikke serveren. OSINT-vaerktojer returnerer beskrivende meddelelser: "Indstil SHODAN_API_KEY for at aktivere Shodan-vaertopslag."
728
+ - **3 afhaengigheder** &mdash; `@modelcontextprotocol/sdk`, `zod` og `cheerio`. Alt netvaerks-I/O via native `fetch()` og Node.js `net`/`tls`/`dns`-moduler. Ingen nmap, ingen eksterne binaerer.
729
+
730
+ ---
731
+
732
+ ## Begraensninger
733
+
734
+ - OSINT-vaerktojer (Shodan, Censys, VirusTotal, SecurityTrails) kraever API-noegler til deres respektive teknikker
735
+ - Censys gratis niveau er begraenset til 250 forepoergsler/maned
736
+ - VirusTotal gratis niveau er begraenset til 500 forepoergsler/dag
737
+ - Portscanning bruger TCP connect (ikke SYN-scanning) &mdash; mindre diskret end nmap, men kraever ingen root-privilegier
738
+ - JARM-fingerprinting kraever direkte TCP-adgang til malet (kan vaere blokeret af firewalls)
739
+ - UPnP/SSDP-opdagelse virker kun pa lokale netvaerk
740
+ - Servicesondering (MySQL, PostgreSQL, Redis) forbinder, men autentificerer ikke
741
+ - Underdomaeneoptaelling er baseret pa CT-logfiler og passive kilder (ingen brute-force)
742
+ - macOS / Linux testet (Windows ikke testet)
743
+
744
+ ---
745
+
746
+ ## Del af MCP-sikkerhedspakken
747
+
748
+ | Projekt | Domaene | Vaerktojer |
749
+ |---------|---------|------------|
750
+ | [hackbrowser-mcp](https://github.com/badchars/hackbrowser-mcp) | Browserbaseret sikkerhedstest | 39 vaerktojer, Firefox, injektionstest |
751
+ | [cloud-audit-mcp](https://github.com/badchars/cloud-audit-mcp) | Cloudsikkerhed (AWS/Azure/GCP) | 38 vaerktojer, 60+ tjek |
752
+ | [github-security-mcp](https://github.com/badchars/github-security-mcp) | GitHub sikkerhedsposition | 39 vaerktojer, 45 tjek |
753
+ | [cve-mcp](https://github.com/badchars/cve-mcp) | Sarbarhedsefterretning | 23 vaerktojer, 5 kilder |
754
+ | [osint-mcp-server](https://github.com/badchars/osint-mcp-server) | OSINT og rekognoscering | 37 vaerktojer, 12 kilder |
755
+ | [darknet-mcp-server](https://github.com/badchars/darknet-mcp-server) | Dark web og trusselefterretning | 66 vaerktojer, 16 kilder |
756
+ | **fingerprint-mcp** | **Universel digital fingerprinting** | **13 vaerktojer, 103 teknikker, 21 udbydere** |
757
+
758
+ ---
759
+
760
+ <p align="center">
761
+ <b>Kun til autoriseret sikkerhedstest og vurdering.</b><br>
762
+ Soerg altid for at have korrekt autorisation, for du udforer fingerprinting pa et mal.
763
+ </p>
764
+
765
+ <p align="center">
766
+ <a href="LICENSE">AGPL-3.0-licens</a> &bull; Bygget med Bun + TypeScript
767
+ </p>